Sorry for the delay, but I was on assessment for a month straight and out of the country.
Samba's 'net' command is similar to its Windows counterpart, yet incorporates additional functionality from other Windows commands, such as 'sc'.
The 'net' command uses the '-U' , the 'W' and the '-n' command line options from my previous post on Samba. The server we're querying is '-S <server ip/name>'
The 'net' command has a large amount of built in documentation. I'll summarize some of the more useful features here. We will be releasing our "PTH Rosetta Stone" hopefully in the next few weeks that will detail how to accomplish various tasks using both the native Windows command line utilities and the associated Samba utilities.
The basic format is:
net [rap|rpc|ads] <command> [options]
"net rap" commands are primarily used for old SMB servers (think IBM / OS2).
"net ads" commands are used for Active Directory integration, meaning the linux box has been added to an AD environment. Suffice it to say that this is rarely the case for pen tests ;-) (that and I can't remember if I had all the bits and pieces compiled in for that to work...)
"net rpc" is the series of commands we will primarily deal with.
So, a typical example of the net command to view a list of all users in a domain "demo" would be:
net rpc user -S 172.16.1.1 -U demo/user%pw -n dummy1 -W demo
To list all groups in the domain, use the following command:
net rpc group -S 172.16.1.1 -U demo/user%pw -n dummy1 -W demo
List all the members of the "domain admins" group :
net rpc group members "domain admins" -S 172.16.1.1 -U demo/user%pw -n dummy1 -W demo
Here's a complete list of commands available. Note that some of the net commands only apply if the Linux box is joined to a domain. Usually to get more info on the subcommand just tack a "help" on the end to get a listing of subcommands.